ad.propellerads.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain ad.propellerads.com is registered by proxy through GODADDY.COM, LLC and was originally registered in May of 2011. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Utrecht, Utrecht, Netherlands, on the RIPE Network Coordination Centre network.
Remove Malware from ad.propellerads.com - Powered by Reason Core Security
Registrar:
GODADDY.COM, LLC

Server location:
Utrecht, Netherlands (NL)

Create date:
Wednesday, May 25, 2011

Expires date:
Friday, May 25, 2018

Updated date:
Friday, August 21, 2015

ASN:
AS35415 WEBAZILLA Webazilla B.V.

Root domain:

Scanner detections:
Detections  (92% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.Amonetizeltd.a, PUP.Installer.Amonetizeltd.j, PUP.Installer.Amonetizeltd.Z, PUP.Installer.Amonetizeltd.Y, PUP.Installer.Amonetizeltd.e, PUP.Installer.Amonetizeltd.F, PUP.VittaliaInternetSL.S, PUP.Installer.ClovermediaSL.F, PUP.Installer.Firseria.F, PUP.Installer.SystemApplet.N, PUP.Installer.TuguuSL.M, Adware.Amonetize.Installer.Meta (M)
95.83%

Malwarebytes
PUP.Optional.InstallMonetizer, PUP.Optional.Amonetize, PUP.Optional.Amonetize.A, PUP.Optional.VIT, PUP.Optional.Firseria
91.67%

VIPRE Antivirus
Amonetize, Trojan.Win32.Generic, Vittalia Installer, Threat.4150696, Threat.4778314, InstallCore, Threat.4782980, Threat.4783262
91.67%

Avira AntiVirus
Adware/Amonetize.E.1, APPL/Amonetize.hsz, Adware/Amonetize.W.10, ADWARE/Adware.Gen2, Adware/Vittalia.AB, APPL/DomaIQ.Gen
91.67%

Dr.Web
Adware.Downware.1729, Adware.Downware.1655, Adware.Downware.1528, Adware.Downware.1339, Adware.Downware.1575, Adware.Downware.2467
87.50%

ESET NOD32
Win32/Amonetize (variant), Win32/Amonetize.AG (variant), Win32/Amonetize.AJ (variant), Win32/Vittalia, Win32/Amonetize.AO (variant)
83.33%

Sophos
Amonetize, Solimba Installer, iBryte Optimum Installer, Install Core Click run software, Generic PUA FK
79.17%

Trend Micro House Call
TROJ_GEN.F47V1118, TROJ_GEN.F47V1125, TROJ_GEN.F47V1003, TROJ_GEN.F47V0918, TROJ_GEN.F47V0925, TROJ_GEN.F47V0306, TROJ_GEN.F47V0326
70.83%

McAfee Web Gateway
Artemis!D9450DCB35E7, Artemis!C8557B2600A3, Artemis!466A950A6E7B, Artemis!DC79DBAB4F6C, Artemis!E92BDE0EC826, Adware-Amonetize!9E63DD19C5B7
70.83%

McAfee
Artemis!D9450DCB35E7, Artemis!C8557B2600A3, Artemis!466A950A6E7B, Artemis!DC79DBAB4F6C, Artemis!E92BDE0EC826, Adware-Amonetize!9E63DD19C5B7, Adware-Amonetize!213BA3F65A41, Artemis!B260F8AA3973, PUP-FBM!792BDBCC5908, Artemis!32760DF69639
66.67%

AhnLab V3 Security
PUP/Win32.Amonetiz, PUP/Win32.Firseria, Win-PUP/DomaIQ.Gen
62.50%

avast!
Win32:Amonetize-M [PUP], Win32:Amonetize-AM [PUP], Win32:Amonetize-AK [PUP], Win32:Amonetize-Y [PUP], Win32:Amonetize-Q [PUP]
62.50%

AVG
Skodna.Generic_c, Generic_r, AdInstaller.Vitalia, MalSign.Generic, DomaIQ_r.K, BundleApp_r.R, Solimba, Adware Generic_s.CM
58.33%

Comodo Security
ApplicUnwnt, Application.Win32.Vittalia.AB, UnclassifiedMalware, TrojWare.Win32.IBryte.AE, Application.Win32.InstallCore.IK
54.17%

G Data
Application.Downloader.RB, Win32.Application.Amonetize, Trojan.Generic.11322249, Gen:Variant.Adware.Kazy.374465, Application.Bundler.Amonetize
50.00%

The domain ad.propellerads.com has been seen to resolve to the following 6 IP addresses.

October 9, 2014

October 9, 2014

October 9, 2014

v-2-do15-d1260-205.webazilla.com
June 21, 2014

v-2-eu22-d951-46.webazilla.com
December 22, 2013

v-2-do13-d1175-109.webazilla.com
December 22, 2013

File downloads found at URLs served by ad.propellerads.com.

The following 7 files have been seen to communicate with ad.propellerads.com in live environments.

URL:
http://ad.propellerads.com/

Title:
“Google”

Description:
“Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for.”

SSL certificate subject:
CN=*.propellerads.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)15, OU=GT65295266

SSL certificate issuer:
CN=RapidSSL SHA256 CA - G3, O=GeoTrust Inc., C=US

Web server:
gws

Facebook:
Likes:  4,160,562
Shares:  9,909,640
Comments:  2,216,501

Statistics are for the previous month.
